If you use your private key to sign your commit, I don’t see how your PDS can impersonate it. There are different layers here. Your commit is still signed by you and non-impersonatable by the PDS operator. But the ATProto layer signing is under control of the PDS. So in that case you’d see either unsigned or differently signed git commits being reported at the ATProto layer as by you.

That seems entirely normal. The PDS handles ATProto actions but it cannot modify the git signature (obviously!). It’s no different than the fact that GitHub can post that you’ve committed a “verified” badge commit by adding a new signing key to your account and signing new commits with it.

The storage entity can always claim power over this by reporting a new key and signatures with that key. Seems entirely normal.
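Added example, not part of the original comment and not git's or ATProto's actual formats: a simplified Node.js model of the two signing layers discussed above, where a verifier that pins the author's key out of band can tell a host-signed claim apart from a commit the author actually signed. All function names, the record layout and the sample data are assumptions made for illustration.

```javascript
// Simplified model of the two signing layers; not git's or ATProto's real formats.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const newKey = () => generateKeyPairSync('ed25519');
const sigOk = (pub, data, sig) => Boolean(sig) && verify(null, Buffer.from(data), pub, sig);

// Layer 1: the author signs the commit bytes with a key only they hold.
function signCommit(authorPriv, commit) {
  return sign(null, Buffer.from(commit), authorPriv);
}

// Layer 2: the host (PDS-like, hypothetical) signs a record claiming "author X made commit Y".
function hostAttest(hostPriv, author, commit, commitSig) {
  const b64 = commitSig ? commitSig.toString('base64') : null;
  const record = JSON.stringify({ author, commit, commitSig: b64 });
  return { record, recordSig: sign(null, Buffer.from(record), hostPriv) };
}

// Verifier: checks the host record, then checks the commit signature against a key
// pinned out of band, ignoring whatever key the host currently reports.
function classify(att, hostPub, pinnedAuthorPub) {
  if (!sigOk(hostPub, att.record, att.recordSig)) return 'invalid-host-record';
  const { commit, commitSig } = JSON.parse(att.record);
  if (!commitSig) return 'host-claim-only:unsigned-commit';
  const sig = Buffer.from(commitSig, 'base64');
  return sigOk(pinnedAuthorPub, commit, sig) ? 'author-verified' : 'host-claim-only:unknown-key';
}

// Constructed sample data (keys are generated fresh on each run).
const author = newKey(), host = newKey(), hostAddedKey = newKey();
const commit = 'author alice\n\nfix parser';

function runCases() {
  // Case 1: author signed, host reports it.
  const genuine = hostAttest(host.privateKey, 'alice', commit,
    signCommit(author.privateKey, commit));
  // Case 2: host reports an unsigned commit as the author's.
  const unsigned = hostAttest(host.privateKey, 'alice', 'not written by alice', null);
  // Case 3: host reports a commit signed with a key it introduced itself.
  const otherKey = hostAttest(host.privateKey, 'alice', commit,
    signCommit(hostAddedKey.privateKey, commit));
  return [genuine, unsigned, otherKey].map(a => classify(a, host.publicKey, author.publicKey));
}

console.log(runCases());
```

The host-layer signature is valid in all three cases; only the check against the pinned author key separates them.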